Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-22755

    There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabiliti... Read more

    Affected Products : arubaos sd-wan
    • EPSS Score: %2.19
    • Published: Mar. 01, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-2161

    Use of Hard-coded Credentials in Kiloview NDI allows un-authenticated users to bypass authenticationThis issue affects Kiloview NDI N3, N3-s, N4, N20, N30, N40 and was fixed in Firmware version 2.02.0227 . ... Read more

    Affected Products :
    • Published: Mar. 21, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-36934

    An integer overflow in WhatsApp could result in remote code execution in an established video call.... Read more

    Affected Products : whatsapp
    • EPSS Score: %8.26
    • Published: Sep. 22, 2022
    • Modified: May. 27, 2025

  • 9.8

    CRITICAL
    CVE-2014-125087

    A vulnerability was found in java-xmlbuilder up to 1.1. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to xml external entity reference. Upgrading to version 1.2 is able to address this issue... Read more

    Affected Products : java-xmlbuilder
    • EPSS Score: %0.08
    • Published: Feb. 19, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-1000653

    zzcms version 8.3 and earlier contains a SQL Injection vulnerability in zt/top.php line 5 that can result in could be attacked by sql injection in zzcms in nginx. This attack appear to be exploitable via running zzcms in nginx.... Read more

    Affected Products : zzcms
    • EPSS Score: %0.26
    • Published: Aug. 20, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-17622

    Online Exam Test Application Script 1.6 has SQL Injection via the exams.php sort parameter.... Read more

    • EPSS Score: %4.15
    • Published: Dec. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2018-21234

    Jodd before 5.0.4 performs Deserialization of Untrusted JSON Data when setClassMetadataName is set.... Read more

    Affected Products : hive jodd
    • EPSS Score: %25.25
    • Published: May. 21, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2000-0944

    CGI Script Center News Update 1.1 does not properly validate the original news administration password during a password change operation, which allows remote attackers to modify the password without knowing the original password.... Read more

    Affected Products : script_center_news_update
    • EPSS Score: %10.71
    • Published: Dec. 19, 2000
    • Modified: Apr. 03, 2025

  • 9.8

    CRITICAL
    CVE-2021-43882

    Microsoft Defender for IoT Remote Code Execution Vulnerability... Read more

    Affected Products : defender_for_iot
    • EPSS Score: %0.58
    • Published: Dec. 15, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-16975

    An issue was discovered in Elefant CMS before 2.0.7. There is a PHP Code Execution Vulnerability in /designer/add/stylesheet.php by using a .php extension in the New Stylesheet Name field in conjunction with <?php content, because of insufficient input va... Read more

    Affected Products : elefant elefant_cms
    • EPSS Score: %0.60
    • Published: Sep. 12, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-27983

    Remote Code Execution (RCE) vulnerability exists in MaxSite CMS v107.5 via the Documents page.... Read more

    Affected Products : maxsite_cms
    • EPSS Score: %10.61
    • Published: Dec. 10, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-17631

    Multireligion Responsive Matrimonial 4.7.2 has SQL Injection via the success-story.php succid parameter.... Read more

    • EPSS Score: %2.51
    • Published: Dec. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2021-26612

    An improper input validation leading to arbitrary file creation was discovered in copy method of Nexacro platform. Remote attackers use copy method to execute arbitrary command after the file creation included malicious code.... Read more

    Affected Products : windows nexacro
    • EPSS Score: %0.92
    • Published: Nov. 30, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-12116

    An issue was discovered in ONAP SDC through Dublin. By accessing port 6000 of demo-sdc-sdc-fe pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OO... Read more

    Affected Products : open_network_automation_platform
    • EPSS Score: %1.15
    • Published: Mar. 18, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-18696

    An issue was discovered on Samsung mobile devices with M(6.0) and N(7.0) (Exynos7420, Exynos8890, or MSM8996 chipsets) software. RKP allows memory corruption. The Samsung ID is SVE-2016-7897 (January 2017).... Read more

    Affected Products : android msm8996 exynos_8890 exynos_7420
    • EPSS Score: %0.15
    • Published: Apr. 07, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-17637

    Car Rental Script 2.0.4 has SQL Injection via the countrycode1.php val parameter.... Read more

    Affected Products : car_rental_script
    • EPSS Score: %2.51
    • Published: Dec. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2020-28872

    An authorization bypass vulnerability in Monitorr v1.7.6m in Monitorr/assets/config/_installation/_register.php allows an unauthorized person to create valid credentials.... Read more

    Affected Products : monitorr monitorr
    • EPSS Score: %0.49
    • Published: Apr. 12, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-12193

    H3C H3Cloud OS all versions allows SQL injection via the ear/grid_event sidx parameter.... Read more

    Affected Products : h3cloud_os
    • EPSS Score: %0.26
    • Published: Jul. 19, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-17137

    Prezi Next 1.3.101.11 has a documented purpose of creating HTML5 presentations but has SE_DEBUG_PRIVILEGE on Windows, which might allow attackers to bypass intended access restrictions.... Read more

    Affected Products : next
    • EPSS Score: %0.43
    • Published: Sep. 17, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-1627

    MuleSoft is aware of a Server Side Request Forgery vulnerability affecting certain versions of a Mule runtime component that may affect both CloudHub and on-premise customers. This affects: Mule 3.8.x,3.9.x,4.x runtime released before February 2, 2021.... Read more

    Affected Products : mule
    • EPSS Score: %0.41
    • Published: Mar. 26, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291275 Results